link

Postmortem: TanStack npm supply-chain compromise

On 2026-05-11, an attacker chained a pull_request_target Pwn Request, GitHub Actions cache poisoning across the fork↔base trust boundary, and OIDC token extraction from runner memory to publish 84 malicious versions across 42 @tanstack/* packages on npm. Full postmortem.

tanstack.com

@max · 24d ago · 0
👍 1
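The first link in the chain, the pull_request_target "Pwn Request", as an added illustration: this is not the TanStack workflow from the postmortem (the page does not show it), but the generic pattern that class of bug describes. The workflow triggers on pull_request_target, checks out the fork's head commit, and runs an npm install, so a fork PR can execute its own lifecycle scripts with the base repository's secrets and write a cache that later base-branch runs consume. The hardened form follows. Workflow names, the secret name and the Node version are placeholders.

```yaml
# VULNERABLE (illustrative, not the postmortem's workflow):
# pull_request_target runs in the BASE repository's context, with its secrets
# and a write-capable GITHUB_TOKEN, yet the checkout pulls the fork's head
# commit. "npm ci" then executes any preinstall/postinstall script the fork
# author put in package.json, and the npm cache written by this run is scoped
# to the base branch, so later trusted runs restore whatever it saved.
name: ci-vulnerable
on:
  pull_request_target:
    types: [opened, synchronize]
permissions:
  contents: write
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}   # fork-controlled tree
      - uses: actions/setup-node@v4
        with:
          node-version: 20
          cache: npm            # cache saved under the base branch's scope
      - run: npm ci             # runs fork-supplied lifecycle scripts
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}   # placeholder secret name

---
# HARDENED (illustrative): untrusted code runs under plain pull_request, where
# fork PRs get a read-only GITHUB_TOKEN and no repository secrets, lifecycle
# scripts are not executed, and no publishing credential is mounted at all.
name: ci-hardened
on:
  pull_request:
    types: [opened, synchronize]
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4   # default ref: the PR merge commit, read-only token
      - uses: actions/setup-node@v4
        with:
          node-version: 20
      - run: npm ci --ignore-scripts   # no preinstall/postinstall from the PR tree
```

If a job genuinely needs base-repository context for a fork PR (labeling, commenting), keep pull_request_target for that job only and never check out or execute PR-head content inside it; keep publishing in a separate workflow that runs on a release trigger, with `id-token: write` granted only there so the OIDC token never exists on a runner that also executes untrusted code.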

Programs for Lilka can now be written in JavaScript!

Lilka is an open-source handheld console based on the ESP32, built by the Ukrainian maker community 🇺🇦. One of its nicest features is mJS support, which means programs for Lilka can be written in JavaScript, the same language that powers half of the modern web. mJS is a tiny JavaScript engine from Cesanta, built specifically for microcontrollers. The syntax is familiar, but standard JS libraries (React, npm modules, and the like) aren't supported; only the basic language and Lilka's own APIs. For simple scripts, that's perfectly fine.

And the coolest part: no compilation, no reflashing. A script is just a .js file on the SD card: pick it in the menu and it runs. Edit the code, save, launch again; the whole cycle takes seconds ⚡ That's what makes Lilka such a great platform for tinkering and learning to code.

A quick note before we dive in: mJS support is a fairly fresh addition to KeiraOS, introduced in v2.6.5 and still actively being developed. Things mostly work, but you might run into the occasional rough edge, for example, an error

hackaday.io

@michael · 03 May 2026 · 1
🔥 1
link

Copy Fail — 732 Bytes to Root

CVE-2026-31431. 100% Reliable Linux LPE — no race, no per-distro offsets, page-cache write that bypasses on-disk file-integrity tools and crosses containers. Found by Xint Code.

copy.fail

@max · 30 April 2026 · 0
link

The Vercel Breach: OAuth Supply Chain Attack Exposes the Hidden Risk in Platform Environment Variables

An OAuth supply chain compromise at Vercel exposed how trusted third party apps and platform environment variables can bypass traditional defenses and amplify blast radius. This article examines the attack chain, underlying design tradeoffs, and what it reveals about modern PaaS and software supply chain risk.

www.trendmicro.com

@max · 21 April 2026 · 0
link

State of Kdenlive - 2026

In 2025, the Kdenlive team continued grinding to push the project forward through steady development, collaboration, and community support. Over the past year we’ve found a nice balance between adding new features, bug fixing, polishing the user interface, and improving performance and workflow, with stability taking priority over feature creep.

kdenlive.org

@max · 19 April 2026 · 0
link

GitHub Stacked PRs

Break large changes into small, reviewable, stacked pull requests with first-class GitHub support.

github.github.com

@max · 14 April 2026 · 0
link

EFF is Leaving X

After almost twenty years on the platform, EFF is logging off of X. This isn’t a decision we made lightly, but it might be overdue.

www.eff.org

@max · 09 April 2026 · 0